Information Week

Sudhakar Ramakrishna was just days into his new role as SolarWinds chief executive officer when news broke of a historic nation-state hack targeting his company. During “SUNBURST,” a cyberattack spanning nearly two years targeted SolarWinds’ flagship software platform, Orion. The attack struck several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The 2019 attacks were revealed in December 2020. The US suspected Russian state actors were behind the breach. In the ensuing fallout, the US Securities and Exchange Commission (SEC) filed a civil suit in October 2023 alleging the company and its CISO, Timothy Brown, had committed fraud by failing to disclose the breach sooner. In July, a federal judge dismissed most of the charges in the lawsuit. When Ramakrishna first walked into the SolarWinds offices in January 2021, he faced some tough decisions. The company in 2021 shed a large portion of its workforce in a spin-out of the N-able business, going from a headcount of 3,340 to 2,147. An observability and IT management software firm falling victim to one of the biggest cyberattacks in history took a toll on reputation and customer trust as well. Rebuilding Trust After Catastrophe Related:Note From the Editor-in-Chief Fast forward three years to the present date, and things are looking brighter for SolarWinds. The company’s most recent financials showed a strong third quarter 2024, with revenue of $200 million, a 6% year-over-year jump. Total annual recurring revenue for subscriptions leaped 36%. The company added to its headcount this year as well, bringing the total to 2,305. “The trust of our customers and partners is something I would never take for granted,” Ramakrishna tells InformationWeek in a live interview. “I think the reason we won back trust is that today we are known for the company we have become, versus what happened to us in 2020. The reason I think we got to this point is based on transparency when the incident happened. While it could have happened to anyone, we took responsibility. We did not deflect blame on anyone.” Despite best efforts to move forward, the Sunburst incident keeps drawing headlines. Just last month, the SEC fined four SolarWinds customers with penalties ranging from $990,000 to $4 million. The fresh actions dig up old wounds for SolarWinds as it continues to try to move forward. Ramakrishna says it’s hard seeing SolarWinds grabbing headlines for SUNBURST again “because there is so much more positive stuff that’s going on with us — on the business side, the product side, innovation, customers and results.” Related:CISOs in 2025: Evolution of a High-Profile Role As for maintaining trust, he says, “We earn the trust of our customers every day. SUNBURST almost never really comes up when I discuss things with customers. When it does, it’s in the context of how we can apply the lessons you learned in our environment.” Ramakrishna says that the most recent quarter showed customer retention of 97%. “That is an indication of trust.” Standing Up for CISOs The indictment and prosecution of former Uber CSO Joe Sullivan sent shockwaves through the security community. In 2022, a federal judge sentenced Sullivan to 3 months’ probation and a fine for his response to a 2016 cyberattack that exposed millions of Uber customers’ data. For the first time, the government was coming directly after IT executives. When SolarWinds’ Brown was named in the SEC’s lawsuit, many CISOs saw it as a continued trend of scapegoating security executives. Instead of placating calls to fire Brown, SolarWinds shot back at the SEC publicly, denying the allegations and accusing the agency of victimizing victims. “One of the very first decisions I had to make was, ‘What do we do with Tim,” Ramakrishna says of Brown. “The way I thought about it was it was not an incident caused by one person. That’s an incident that many attribute to a nation-state attack … so, it takes a village, as they say, to keep the company’s assets secure. I don’t think we should be in a world of scapegoating. We should be in the world of learning, iterating, and improving.” Related:Yes, AI Will Kill Jobs, Then Create More Ramakrishna says his decision to back Brown went beyond SolarWinds. “As much as I care about SolarWinds, I also care about the tone we set in the industry as a community … are we going to be in a world of scapegoating, or a world of progress? It was a little bit of a ‘go against the grain’ decision, because I could have taken the simple route. But I would still make the same decision today.” He says he felt vindicated for his stance after the federal judge dropped most of the charges in the case. “I felt very strongly that we were trying to do the right things.” Sullivan, who is now an independent consultant and speaker, applauded SolarWinds and Ramakrishna for standing by Brown. “I think he is a role model for all CEOs,” Sullivan says in an email interview. “CISOs do not operate in a vacuum — they are part of an executive leadership team that should stand together on risk decisions that are shared decisions. It is all the more impressive that Mr. Ramakrishna was not the CEO when the incident happened but has operated with such integrity.” SolarWinds’ Effort to ‘De-Silo’ IT Coming out of the SUNBURST incident, the company needed to focus its attention back on its business. Ramakrishna believes emerging technologies and strained budgets are causing IT departments to become siloed, hindering C-suite communication. “No matter the size of the enterprise, there are far fewer people today … in terms of being able to manage their IT environments, which are exploding into the cloud. The number of applications that a common enterprise is managing is increasing, and complexity is increasing. And nobody is saying their IT budgets are increasing — at best case, they are flat.” SolarWinds’ IT tools aim to help bridge the gap and de-silo the IT

Pat Gelsinger, who became Intel’s CEO and launched an ambitious effort to return the semiconductor giant to past domestic manufacturing glory, on Monday announced his retirement and stepped down from the board of directors — effective immediately. Gelsinger took the reins of Intel in 2021 and quickly masterminded the company’s “IDM 2.0” effort to launch an ambitious domestic semiconductor manufacturing plan. The silicon giant moved quickly to build new facilities in Ohio and Arizona, a multibillion-dollar effort bolstered by promised funds from the US CHIPs and Science Act. But those plans were overshadowed by continued sour economic news that saw dwindling profits and mass layoffs after the COVID-19 pandemic. In August, the company announced that it would cut 15,000 jobs — 15% of its global workforce — after disappointing quarterly results that showed a net income drop of 85%. Intel on Monday also named senior leaders David Zinsner and Michelle (MJ) Johnston Holthaus interim co-chief executive officers while the board hunts for a new permanent CEO. Frank Yeary, independent chair of Intel’s board of directors, will become interim executive chair. Intel’s remaining leadership structure will remain unchanged, the company said in a release. Related:Note From the Editor-in-Chief “While we have made significant progress in regaining manufacturing competitiveness and building the capabilities to be a world-class foundry, we know that we have much work to do at the company and are committed to restoring investor confidence,” Yeary said in a statement. Holthaus was also named CEO of Intel Products, a permanent role. Gelsinger started his career at Intel in 1976 and eventually became the company’s chief technology officer before leaving and eventually became CEO at VMware in 2012. He returned to Intel to fill the role of outgoing Intel CEO Bob Swan — who held the role for just two years. Gelsinger called his sudden retirement “bittersweet” and praised his co-workers. “Leading Intel has been the honor of my lifetime — this group of people is among the best and brightest in the business, and I’m honored to call each and every one a colleague,” Gelsinger said in a statement. “It has been a challenging year for all of us as we have made tough but necessary decisions to position Intel for the current market dynamics.” In a statement, interim co-CEOs Zinsner and Holthaus said, “We are grateful for Pat’s commitment to Intel over these many years as well as his leadership. We will redouble our commitment to Intel Products and meeting customer needs … we will be focused on driving returns on foundry investments.” Related:CISOs in 2025: Evolution of a High-Profile Role Intel had recently been awarded nearly $8 billion in CHIPs Act funding, less than the $8.5 billion it had originally expected. source

Explore the latest news and expert commentary on IT Leadership, brought to you by the editors of InformationWeek source

As IT pros prepare for the demands of 2025, top certifications in cloud computing, security, and data management come bundled with impressive salaries as businesses embrace multi-cloud infrastructure, advanced IT security, and AI.    A Skillsoft report suggests certified professionals frequently hold management roles, with nearly one in five tech leaders reporting that certified employees bring an additional $30,000 or more in value annually to their organizations.   The study put the AWS Certified Security – Specialty role in the top spot, with certified professionals earning over $200,000 annually — a notable $40,000 increase from last year.  Other high-ranking certifications include Google Cloud’s Professional Cloud Architect, with average earnings just above $190,000, and the Nutanix Certified Professional in Multicloud Infrastructure at $175,000.  The report indicated security credentials continue to hold value, particularly with the CCSP (Certified Cloud Security Professional) and Cisco Certified Network Professional – Security certifications, which bring in averages of $171,000 and $168,000, respectively.  These credentials focus on managing risk, ensuring data privacy, and securing IT infrastructure, key areas as companies work to support new deployments in a rapidly evolving digital landscape.  Related:Gelsinger Out as Intel CEO as Chip Giant Struggles to Regain Footing Skillsoft CIO Orla Daly says it was no surprise that security certifications, particularly AWS, are at the top, given the increasing number of cyber threats companies are dealing with.  “There continues to be a growing recognition of the importance of cybersecurity in today’s digital landscape,” she says via email.  She points out both cloud and infrastructure certifications made the list again, an unsurprising result considering the meteoric rise of AI across industries.  “Cloud and infrastructure are expected to see significant growth as the backbone to take advantage of AI and drive increased automation,” Daly says.   Daly notes that while Skillsoft’s list doesn’t contain any AI-specific certifications, those in security, privacy, cloud, and infrastructure all play essential roles in supporting AI tools.   “In the certification world, it often takes time for certifications to gain traction,” she explains.  Right now, what is being seen in areas like AWS Security at the top is that organizations are still preparing for large-scale AI rollouts.  “Ultimately, it’s a mix of certifications being a bit slower to evolve and adjacent skills rising in criticality,” Daly says.   Related:How to Build a Strong and Resilient IT Bench Certifications: More Important Than Ever  From the perspective of Kausik Chaudhuri, CIO at Lemongrass, certifications are more important now than they’ve ever been.  “The report makes it clear that professionals and employers are placing greater value on these credentials,” he says via email.  For employees, having certifications is a surefire way to boost salary potential and job performance and companies see certified employees as more productive and efficient.  He adds that having certifications can mean an increase in salary and job security for an employee.   “It’s more than just a resume booster though — it’s about keeping your skills relevant and showing your worth in today’s competitive market,” Chaudhuri says.   Daly notes certifications are not just a testament to one’s knowledge but also a commitment to continuous learning and staying updated with the latest technologies.  “The value of certifications in today’s workplace lies in the need for specialized skills and the assurance that certified individuals bring to a role,” Daly says.   She adds that hiring practices are changing with a noticeable move toward skills-based hiring — approach focusing on the specific skills and competencies that candidates bring to the table.   Related:How to Create an Accurate IT Project Timeline They are then matched organizational and positional needs, rather than solely on their educational background or previous job titles.  “The combination of evolving attitudes towards certifications and the move towards skills-based hiring reflects a broader trend in the job market, where tangible achievements and recognized credentials are highly valued,” Daly says.   Executive Buy-In, Career Growth Focus   Paul Farnsworth, CTO of DHI Group, says the knowledge required to earn certifications can prove invaluable to an organization.   “Tech professionals interested in securing executive buy-in for the time and funds necessary to earn certifications should explain to their managers that the knowledge will ultimately make them more effective team members,” he says.  For example, a tech professional interested in securing AWS or Azure certifications could suggest that doing so will allow them to better operate the organization’s cloud infrastructure.   “Managers are always interested in moves that will prove a net positive for their organizations’ effectiveness–and bottom line,” he says.   To get executive buy-in for funding or time off for certifications, Chaudhuri says it’s important to show how these new skills align with the company’s goals.  “Point out how these certifications can tackle key challenges, fill skills gaps, or advance important projects like AI initiatives,” he says.  It also helps to have some data ready to prove the productivity and cost benefits.  “Pitch it as a smart investment for the company and suggest a plan that won’t interfere with day-to-day responsibilities,” he explains.   Finding the Right Career Certs  Chaudhuri says figuring out which certifications and skills to pursue for career growth doesn’t have to be overly complicated — start by looking at what’s hot in the industry, for example cloud computing, AI, or cybersecurity.  “Check job listings for roles you’re interested in to see what credentials employers are seeking,” he says. “Talking to peers, mentors, or industry leaders can give you a better idea of what’s worth pursuing.”  Farnsworth says by taking a strategic approach that combines personal goals with real-time industry insights, IT professionals can select certifications that will propel their careers forward while remaining adaptable to industry changes.  He adds that by connecting with others in their desired field, IT professionals can gain an understanding of the types of skills or certifications that add value and those that may be unnecessary.  “Mentorship can also guide them towards the skills they might need that go beyond formal qualifications,” Farnsworth says.   source

E-mails and pop-up messages encouraging the use of multi-factor authentication or complex passwords made users throughout the world aware that last month was cybersecurity awareness month. Many are also still being reminded of — and becoming numb to — the personal stakes of cybersecurity breaches, thanks to free credit monitoring offers in the aftermath of far-too-regular personal data theft from the financial, healthcare, and human resources institutions that we trust to keep our information safe. But just as we didn’t address the automotive safety threats addressed in Unsafe at Any Speed through either blind trust in existing safety features or a defeatism around the hazards of automotive accidents, we shouldn’t allow the mounting stakes of cybersecurity to go unchecked.  Given the pervasiveness of personal data theft as a cybercrime, it’s easy to believe that the consequences of a cyberattack would be limited to individual harm that can be detected and remedied through free credit monitoring and a messy-but-doable identity recovery process following a breach. It’s equally easy to believe that the nation-state hackers who use sophisticated attacks that can cause not only individual financial and corporate reputational damage, but also massive societal impact, have limited their hacking to high-level government-controlled systems. However, recent events have proven that this is not the case.  Related:Lessons from Banking on the Role of the Chief Risk Officer Americans got their first taste of the potential physical and economic impact of a cyberattack in May 2021, when Eastern European cyber criminals caused the shutdown of Colonial Pipeline’s operations due to ransomware in its IT systems — a breach that did not even directly impact the critical operational technology (OT) systems that control the pipeline itself. The criminal actors responsible were able to extract a multimillion-dollar ransom, most of which was recovered thanks to law enforcement collaboration. Criminal attacks against utilities remain ongoing, as evidenced by the August cyberattack against Halliburton; moreover, utilities and even the government won’t always be able to pay their way out of a cyberattack.  The next time America, or one of its close allies, experiences a major infrastructure attack, our credibility on the world stage and the sovereignty of our partners abroad may be at stake. A China-affiliated cyber actor, codenamed Volt Typhoon, was conducting low-profile hacks to be able to orchestrate a massive “everything, everywhere, all at once” cyberattack that could impact the availability of power and water across the United States. Such an attack would be used to weaken American resolve to support Taiwan in the event of an invasion or other hostile action, warned US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly in January 2025.   Related:Why the Demand for Cybersecurity Innovation Is Surging CISA, in partnership with US law enforcement and intelligence agencies, has built unprecedented intelligence sharing and cybersecurity collaboration mechanisms with critical infrastructure providers to mitigate this capability, but the drumbeat of attacks has not stopped. In the midst of Cybersecurity Awareness Month, an unattributed attack on American Water and a China-linked attack against US telecom providers that may have targeted lawful intercept capabilities were potent reminders that hackers aren’t just after our money — they’re also trying to jeopardize access to basic necessities and invade our privacy, even if they’re holding their full capabilities in reserve to strike at the moment that’s most advantageous for them.  As strong as the collaboration between government and critical infrastructure in the cybersecurity space has made us, it’s not enough to overcome the threat of highly sophisticated attackers using AI to target industrial systems, but also personal accounts and devices to gain a foothold in corporate networks. Software companies must incorporate more secure coding practices as CISA is encouraging with its Secure by Design and Default initiatives. Cybersecurity companies must keep innovating to create technologies that can defuse new types of attacks, like a browser-based attack developed in mid-2024 that could compromise a computer if a user so much as viewed a compromised image file.  Related:Threat Actors Put $1 Trillion Shopping Season in Their Sights But at the end of the day, it’s not enough that the US Government and corporations — both those that deploy enterprise software and those who develop it — emphasize cybersecurity. Each of us must realize that cybersecurity is a fundamental safety concern that merits due diligence in our day-to-day lives. In the automotive world, more than 60 years of life-threatening accidents occurred between the production of the Model T and the requirements for safety belts; it took 20 more years for laws requiring drivers and passengers to use them. It’s been 30 years since the introduction of the World Wide Web to the public, and it’s evident that we don’t have 80 years to only create, but also embrace, technology to enforce internet security and safety. The threats are accelerating, and neither the US Government nor free credit monitoring alone can save us.  source

As the most informed resource about emerging risks within any organization, chief risk officers (CROs) play a vital role in safeguarding business success and fostering a risk-aware culture that promotes resilience and adaptability. CROs are responsible for continuously monitoring and mitigating challenges associated with everything from interconnected risks, new emerging risks on the rise, regulatory compliance, operational efficiency, risk innovation, and transformation across the organization. In short, they are tasked with possessing in-depth knowledge of risks — including that of emerging climate-related risks — that can disrupt operations, cause losses, damage reputation, and decrease customer and shareholder trust.   Within the financial services sector, the environment financial institutions are operating in is now so acutely high risk that risk management has become core to daily operations, playing a critical role in the success and sustainability of banks and insurers in everything from regulatory compliance and customer trust to operational efficiency and asset management. Heightened geopolitical tensions and challenges endured by the supply and demand shocks of recent years has further forced enterprises to re-evaluate their operations to stay afloat and succeed in today’s risk environment.   Related:Why Are Organizations Still Getting Hacked? Many CROs within banking are tasked with taking steps to better address liquidity, credit, market, operational, technology, regulatory compliance, and reputational risks as they occur, and can only do this through powerful risk management strategies. These include building a trusted data foundation for a single view of risk and fueling AI with contextual insights to more accurately identify existing, emerging, and hidden risks. This holistic and interconnected view of data is critical to uncovering and responding to interconnected risk factors posed to customers, vendors, and suppliers. Many banks also use this data foundation to better equip their frontline employees with information too, helping turn the cost of managing risk into new opportunities for potential revenue growth.   Building a Foundation to Provide a Single View of Risk  To gain a holistic and accurate understanding of risk at scale, CROs should work alongside the chief data officer (CDO) and chief information officer (CIO) to build this data foundation, creating a connected and contextual view of their customers and counterparties based on both proprietary sources (such as customer portfolios) and supplementary sources (such as credit data) — even more relevant given the current re-focus on risk data aggregation principles, such as BCBC239.  Related:Why the Demand for Cybersecurity Innovation Is Surging For financial institutions, credit risk insights, analytics, and decisioning becomes increasingly effective when combined with entity resolution (ER), knowledge graphs, and AI copilots. ER is the process by which data is cleansed and matched to create entities to ensure that data entries referring to the same “real world” entity — whether a business name, product, or individual — can be connected. It’s a critical tool for linking records, de-duplicating and matching data within large systems, and plays an important role in connecting siloed data across multi-source data. Further, knowledge graphs help to visualize and determine the relationship between entities, understand supply chain and concentration across clients and suppliers, the direction of those relationships, and the strength of connections. When using this technology paired with a copilot, it gives teams the ability to easily query the data and make informed decisions faster.   This combination connects structured and unstructured data from multiple sources into one holistic view of entities and the relationships between them, to drive a deeper contextual understanding that is essential for improved decision-making and stronger risk management overall. By merging billions of data points from multiple sources, CROs in these financial institutions working in tandem with the CDOs and CIOs within their teams gain a greater view of a customer’s financial health. This process enables business teams to better assess the overall risk of extending credit to a potential borrower, granting greater risk visibility for the CRO. Where existing credit analytics and insights may initially assess the customer as a low-risk borrower, the deployment of ER and knowledge graphs ensures a more informed and strategic decision-making process when analyzing broader datasets, such as the potential risks of the counterparties a customer interacts with.   Related:Threat Actors Put $1 Trillion Shopping Season in Their Sights Fueling AI for Risk Management The deployment of both knowledge graphs and ER is critical to ensuring a trusted data foundation that CROs in other sectors can also rely on to deliver a contextual understanding of risk. This interconnected data foundation is essential to truly realize the value of AI in risk management while simultaneously revealing interconnected risk factors. For both risk management teams and frontline employees, knowledge graphs and ER help strengthen the accuracy and reliability of AI models across the organization to reduce complexity, bolster augmented decision-making, and speed the time it takes to complete tasks from days and weeks to mere minutes. Those who establish a quality data foundation and gain more nuanced and accurate insights using AI with context will have the advantage of operationalizing their data to support their organizations both defensively and offensively.    However, according to a recent global survey of risk and compliance professionals on AI in risk management and compliance, two thirds of respondents rate their firm’s data quality as low quality: inconsistent and fragmented. Further, while nearly 70% of respondents believe AI will be transformative or have a major impact within the next 3 years, just 9% revealed that AI is actively being utilized within their companies for compliance and risk management.    From detecting anomalies to identifying patterns and making predictions, the leveraging of AI-enabled tools ensures that CROs stay informed of potential risk factors and can quickly respond when issues arise. However, this will only be effective with increased access to context-based data insights and a trusted data foundation designed to fuel the insights needed for effective risk management. And, in turn, create new opportunities for growth.    source

Ransomware remains a lucrative strategy for threat actors, but extortion that targets retail during the holiday season could be quite lucrative for ransomware groups.  Retail can be a juicy target for cyberattacks year-round, and that risk — for retailers, their supply chain, and their consumers — is amplified during the holidays. This year, online and in-store retail sales in the US could add up to more than $1 trillion, according to research and advisory company Forrester. And where that much money is flowing, cyber threat actors are always looking for their slice of the pie.  Nearly 12,000 people reported cybersecurity scams to the FBI’s Internet Crime Complaint Center (IC3) during last year’s holiday season. Those scams resulted in more than $73 million in losses, according to the Cybersecurity and infrastructure Security Agency (CISA). The average cost of a data breach in the retail space is $3.48 million, according to IBM’s Cost of a Data Breach Report 2024. What are some of the top threats facing the retail industry? How can enterprise leaders in this sector protect their organizations and their consumers?   Retail Risks  The retail industry is no stranger to large-scale data breaches and the need to respond fast is critical this time of year. “You could imagine a bad actor coming in and trying to take over retailer systems … with the expectation that the retailer may want to pay very quickly to handle the ransomware attack to get their systems back online so they don’t lose out,” says Sean McNee, vice president of research and data at DomainTools, an internet intelligence company.    Related:Lessons from Banking on the Role of the Chief Risk Officer Financially motivated threat actors can unearth and exfiltrate a trove of valuable personal information when they successfully breach a retailer or one of its vendors.   “The complex design of ecommerce platforms, featuring dynamic websites and applications, increases the risk of information leaks due to poorly secured APIs, mismanaged user input, and inadequate data management practices,” Shobhit Gautam, staff solutions architect at security platform HackerOne, tells InformationWeek in an email interview.   Data stolen from retailers is a valuable tool for fraudsters. Phishing and smishing are tried and true tactics that target consumers. Threat actors posing as legitimate retailers or delivery services, for example, will text consumers requesting personal information that enables theft.   Brand impersonation campaigns can also lure victims with promises of earning cash. Threat actors will pose as a major retailer, like Amazon or Walmart, and offer people the possibility of remote work.   Related:Why Are Organizations Still Getting Hacked? “What they’re doing is stringing you along, making you think you have a job so you can earn some extra cash for the holiday season. Instead, they’re just taking your money and running,” says McNee.   Web skimming attacks are another common tactic. “Magecart is an umbrella term for various cybercriminal groups specializing in web skimming attacks. These groups inject malicious JavaScript code into ecommerce websites to steal payment card information during checkout,” Gautam explains.   GenAI adds another dimension to the onslaught of attacks faced by retail and other industries. The technology can make phishing lures and sites much more convincing. Threat actors can also use AI in brute force attacks.  “AI can leverage botnets to carry out brute force attacks on gift card websites that can test thousands of card numbers and pin combinations per minute. This allows threat actors to exploit gift card balances and deplete account funds,” says Gautam.  Successful attacks in the retail space can result in consumer fraud, downtime for stores, lost revenue, and lasting brand damage.   Threat Actors   While GenAI empowers more threat actors with low technical skills, there are a number of larger groups known for targeting retail. For example, LockBit and Play are two ransomware gangs known for attacking the retail sector, according to cybersecurity company Trustwave.   Related:Why the Demand for Cybersecurity Innovation Is Surging While law enforcement disrupted LockBit earlier this year, the group quickly reemerged. “LockBit … may be trying to target the retail sector this season try to make some quick cash,” says McNee.   Some threat groups out of China are angling for Black Friday shoppers, leveraging phishing to their advantage. Threat intelligence company EclecticIQ highlighted a campaign run by SilkSpecter, for example.  While financial motivation is a major factor, other threat actors could target the retail space simply to gain attention. McNee points to current geopolitical tensions and the possibility of politically motivated cyber actors targeting retail to amplify their message. “Given the geopolitical landscape that we live in now and have moved across for the last year or two, it would not surprise me to see some sort of attempt happen this holiday season,” he says.   Retail Response  With billions of dollars of revenue and consumer trust hanging in the balance, how can retail organizations navigate a season of busy shoppers and busy threat actors?  While holiday shopping may mean cyber threats are ramped up, the foundation for defense is the same. “I can’t say there’s some silver bullet this time of year to preventing things. Compliance and security are a 365 days a year thing,” says Brent Johnson, CISO of Bluefin, a payment and data security solutions company.   Johnson notes the shift some retailers are making to end-to-end encrypted and tokenized payments.   “Make sure merchants [are] aware these products exist,” he urges. “That way they’re not really targets of fraud or targets of breaches because they just don’t have the data anymore.”   Retailers have the responsibility to protect their consumers’ data and to keep them informed about the risks they face from threat actors.   “Retailers could … spend some time reviewing social media platforms to see … if people are complaining about fraudulent messaging or bad actors pretending to be related to [their] brand,” says McNee. Retailers can work to educate their consumers on ways to recognize those impersonation and fraud attempts.   Even retail organizations with strong cybersecurity defenses can still fall prey to persistent threat actors. When that does happen, it

Cybersecurity, like combat, is an industry that presents an ongoing state of attack. The threat landscape constantly evolves, with threat actors only growing more sophisticated with their tactics and techniques.   To be effective, defenders must be committed to the mission at hand. Their work requires the effort of a team, not a series of individual heroics. People who thrive in this type of environment must realize they are part of something greater than themselves.    Veterans are uniquely skilled to operate in this role. Through their past military service, they keenly understand how to work toward achieving a greater outcome and are self-motivated to reach that goal. They can offer a wealth of skills that align with key industry needs.   IT leaders must recognize the benefits that veteran talent can bring to their workforce. Below, we walk through five reasons why veterans thrive in cybersecurity roles.   1. Skilled in combating advanced adversaries  Many people don’t understand how malicious actors can compromise large Fortune 100 enterprises with ease. The answer is they’re not adopting the perspective of apex attackers.   Veterans can develop a deep understanding of how these attackers operate, as service members are trained to combat advanced adversaries like highly funded nation-state actors. For instance, military members engage in large-scale red team simulations of advanced threats to identify vulnerabilities and better understand adversary tradecraft.   Related:Lessons from Banking on the Role of the Chief Risk Officer Such high-level training is only provided in the Department of Defense intelligence community, which can train service members to deal with advanced threats that won’t likely reach civilians until many years later.   2. Trained extensively to meet the moment  A challenge for many commercial organizations is that their security teams primarily respond to security incidents and are unable to train extensively to deal with a cybersecurity breach. Therefore, when a breach occurs, those teams must figure out how to respond in real time.   Conversely, veterans are conditioned to always be oriented against the threat they face because they can’t afford to be reactive. Their military experience requires constant training so when the battle is real, they know how to respond.   This mindset extends well to cybersecurity, where defenders must be proactive in combating threats. Many veterans are skilled in uncovering advanced threats within systems. When performing exercises like red team simulations, they bring a military mindset and operate like a true aggressor. They adopt this serious approach because they understand the objective to fortify an organization’s systems. If a breach occurs, your security team must know how to respond in real time to remediate the threat and mitigate impact, which many veterans are trained to do.   Related:Why Are Organizations Still Getting Hacked? 3. Highly adaptive to adversity  Veterans are uniquely purpose-driven, as the No. 1 job in the military is to execute the objective, whatever this task is.  A common phrase used in the military is that “failure is not an option,” and to be successful, one must demonstrate the ability to “adapt and overcome.”   Service members are tested constantly by being thrown into complex situations, forcing them to become highly adaptive to change. Through this training, veterans become poised to deal with uncertainty and demonstrate agility. In being forced to learn new environments quickly and identify the path to success, they are conditioned to do whatever it takes to succeed. These traits are invaluable in the cybersecurity field where you encounter a great deal of uncertainty, be it with threat detection, risk management, incident response or troubleshooting. Veterans are trained to handle uncertain situations better than most.   Related:Why the Demand for Cybersecurity Innovation Is Surging 4. Adopting a ‘mission first, people always’ approach  Importantly, service members learn that “mission accomplishment” is integrated tightly with troop welfare. Because without the right people, a complex mission cannot be executed. If you take care of your people, they can take care of you.   As a result, veterans are often well-versed in the values of teamwork and relationship-building. Many learn how to lead efficiently and work with people to help maximize their abilities. They also recognize the importance of striking a balance in committing to completing the mission without becoming one-dimensional. Veterans know that if you demonstrate care for your people, they’ll want to deliver whenever they’re asked to push. Developing that trust is important in any walk of life, and veterans do an exceptional job of learning how to cultivate it among their colleagues.   5. Serving a greater cause  Cybersecurity is unique in that defenders serve an industry that has a dual mission; even if cybersecurity operators work for a private company, their work serves a public good. Their efforts ultimately play a role in making the world a safer place, which is a mission that resonates with many veterans.   Cybersecurity is one of the few industries that provides veterans with an avenue to serve a greater cause. It also presents a battle space where defenders are constantly in the fight, which is a concept veterans can easily grasp from their military experience. Their service provides them with specialized, real-world skills that directly apply to critical industry needs. IT leaders at cybersecurity organizations must take note, as hiring veteran talent can strengthen their overall workforce and take their security operations to the next level.  source

In their never-ending quest to improve efficiency and productivity, a rapidly growing number of enterprises are currently building, or planning to build, augmented-connected workforces. An augmented-connected workforce allows humans and machines to work together in close partnership. The goal is people and devices functioning more productively and efficiently than when working in isolation.  An augmented-connected workforce can be defined as a tech-enabled workforce of humans that have access to next-generation technologies, such as AI, IoT, and smart devices, to do their day-to-day jobs, says Tim Gaus, a principal and smart manufacturing business leader with Deloitte Consulting, in an online interview. “These technologies add a level of intelligence and efficiency for employees by providing skills that humans don’t possess while allowing workers to focus on higher level, strategic work.” In general, augmented-connected workforces allow for a more dynamic, connected work environment that prepares human team members to work seamlessly with high technology devices.  Building the Case  Today’s workforce is moving rapidly toward an integrated, interconnected ecosystem of workers and technology. “By evolving our mindset on what a workforce is, it becomes clear that an augmented-connected workforce provides the most potential,” Gaus says.  Related:How Can Decision Makers Trust Hallucinating AI? An augmented-connected workforce’s benefits vary significantly depending on the type of augmentation being applied, says Melissa Korzun, vice president of customer experience operations at technology services firm Kantata. On the whole, however, it can reduce errors, decrease costs, improve quality, and even contribute to safer working conditions in manufacturing sectors, she notes in an email interview.  Other potential benefits include faster training and upskilling, improved safety, enhanced efficiency, and better cost management. “In manufacturing, for example, as businesses look to expand production capabilities, using innovative tools designed for workers can help streamline processes, leading to faster time-to-market,” Gaus explains.  Korzun notes that in the business sector an augmented-connected workforce promises to build significant administrative efficiency. It can, for example, reduce the time needed to process large volumes of information while creating the ability to summarize unstructured data sets. Companies that take advantage of these new assistive capabilities will benefit from improved productivity, increased quality, and less burnout in their workforce, she says. Related:How AI is Revolutionizing Photography As organizations continue to scale their augmented-connected workforces, additional benefits are likely to emerge. “Life sciences, for example, has seen a huge benefit in leveraging computers to expedite data analysis and then pairing humans to use these discoveries to create new therapies for diseases,” Gaus says. He expects that many other discoveries will emerge across industries over time, leading to innovations as well as new opportunities to engage customers.  Virtual Assistance  An augmented workforce can work faster and more efficiently thanks to seamless access to real-time diagnostics and analytics, as well as live remote assistance, observes Peter Zornio, CTO at Emerson, an automation technology vendor serving critical industries. “An augmented-connected workforce institutionalizes best practices across the enterprise and sustains the value it delivers to operational and business performance regardless of workforce size or travel restrictions,” he says in an email interview.  An augmented-connected workforce can also help fill some of the gaps many manufacturers currently face, Gaus says. “There are many jobs unfilled because workers aren’t attracted to manufacturing, or lack the technological skills needed to fill them,” he explains.  Related:Prioritizing Responsible AI with ISO 42001 Compliance Building a Plan  To keep pace with competitors, businesses should develop a comprehensive strategy for utilizing new technologies, including establishing a cross-functional team that’s dedicated to identifying critical areas where technology augmentation can help solve core business challenges, Korzun says. “There are lots of shiny objects out there to chase right now — focus on applying new tech capabilities to your most critical business issues.” To assist with planning, she advises IT leaders to talk with their vendors about their current augmented-connected workforce technologies and their roadmaps for the future.  For enterprises that have already invested in advanced digital technologies, the path leading to an augmented-connected workforce is already underway. The next step is ensuring a holistic approach when looking at tangible ways to achieve such a workforce. “Look at the tools your organization is already using — AI, AR, VR, and so on — and think about how you can scale them or connect them with your human talent,” Gaus says. Yet advanced technologies alone aren’t enough to guarantee long-term success. “Innovative tools are the starting point, but finding ways to make human operations more efficient will lead to true impact.”  Final Thoughts  While many enterprises have already begun integrating emerging technologies into routine tasks, innovation alone without considering the role humans will play within the new model can lead to slower progress in an augmented-connected model, Gaus warns. “Humans are much more likely to engage with and utilize technology they understand and trust.” The other piece of the puzzle is ensuring that workers are appropriately skilled in the new technologies entering the business.  Businesses must continue to embrace technology and digital transformation in order to build the most dynamic workforce possible, Gaus states. “Doing so will maximize their technology investment and create a more connected, reliable workforce.” source